| CVE-2026-42296 |
high |
8.1 |
8.1 |
|
|
|
26d ago |
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure |
| CVE-2026-28229 |
high |
— |
8.0 |
|
|
|
3mo ago |
Unauthorized access to Argo Workflows Template |
| CVE-2026-40886 |
high |
7.7 |
7.7 |
|
|
|
1mo ago |
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller |
| CVE-2026-42294 |
high |
7.5 |
7.5 |
|
|
|
26d ago |
Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor |
| CVE-2026-31892 |
unknown |
— |
— |
|
|
|
3mo ago |
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode in github.com/argoproj/argo-workflows |
| CVE-2026-23960 |
unknown |
— |
— |
|
|
|
4mo ago |
Argo Workflows affected by stored XSS in the artifact directory listing in github.com/argoproj/argo-workflows |
| CVE-2025-66626 |
unknown |
— |
— |
|
|
|
6mo ago |
RCE via ZipSlip and symbolic links in argoproj/argo-workflows in github.com/argoproj/argo-workflows |
| CVE-2025-62157 |
unknown |
— |
— |
|
|
|
8mo ago |
Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows |
| CVE-2025-62156 |
unknown |
— |
— |
|
|
|
8mo ago |
Argo Workflow has a Zipslip Vulnerability in github.com/argoproj/argo-workflows |
| CVE-2024-53862 |
unknown |
— |
— |
|
|
|
2y ago |
Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows |
| CVE-2024-47827 |
unknown |
— |
— |
|
|
|
2y ago |
Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows |
| CVE-2022-29164 |
unknown |
— |
— |
|
|
|
4y ago |
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows |
| CVE-2021-37914 |
unknown |
— |
— |
|
|
|
5y ago |
Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows |
